Using open source JavaScript on your website: Licenses explained

Disclaimer: I am not a lawyer. This post does not constitute legal advice; always consult a lawyer. This is just my personal experience in dealing with open source JavaScript and reading the licenses that came with scripts I’ve used.

There’s an expression that “there is nothing new under the sun”. When it comes to building a website that’s almost true. Even with a bespoke site it’s practically impossible not to rely on open source JavaScript—the programming language that handles all the fancy bells and whistles on websites. Whether you want a slick image gallery or a fancy form widget there’s normally something out there you can use for free that saves you reinventing the wheel.

Some developers indiscriminately use any script they find on the Internet on their clients’ sites without really checking if they’re free to do so. Just because something is available to download on the Internet doesn’t mean that you can do exactly what you want with it.

Here is some simple guidance for developers on how to use open source JavaScript on your site without running into trouble.

Open source doesn’t mean it comes without restrictions. The first thing to do is check the license. If it hasn’t got a license and it’s public domain then you can do pretty much what you like with it. If it’s in the public domain it means whoever created it gave up their copyright making it completely free.

Most scripts do come with licenses though. Assuming it is open source (which means freely available and may be redistributed and modified) then it likely falls into one of these three categories (there are lots of other licenses but in my experience these are the ones primarily used for JavaScripts). You can use, edit and modify the script for just about any use but…

…keep the copyright notice

There are three main licenses known as “permissive free software licences”: MIT, BSD and Apache. Generally speaking you can do anything you want so long as you accept the code comes with no warranty and you leave any copyright messages intact. (Even though it’s free whoever wrote it is still the copyright holder) The BSD license has nice extra clause in it stating the author “may not be used to endorse or promote products derived from this software”.

My favourite is the MIT license as it’s short, simple and easy to understand by people like me who aren’t legal experts. I release all my open source code under the MIT license.

The bottom line: MIT, BSD and Apache licensed scripts can be used and edited in any way on your website with very little obligation from you.

…give any changes back to the community

The LGPL (Lesser General Public License) and MPL (Mozilla Public License) can be used in a similar way to the above permissive licenses. However, any changes you make to that library must be released under the same license. I like the community spirit of these licenses and if you aren’t actually making any changes to the code (which is often the case) then they’re just as permissive as MIT, BSD and Apache.

For example, you build an image gallery and you download a MPL script that facilitates a zoom effect on the images. If you tweak the zoom script you must then release the zoom script under MPL but you can keep your image gallery under whatever license you want. If you don’t make any changes you aren’t compelled to release anything.

Bottom line: If you aren’t making any changes to them, LGPL and MPL licensed scripts can be be used freely. If you are, consider the implications of having to open source your changes.

…have everything infected by the GPL

GPL (General Public License) is a copyleft license meaning that any changes have to be released under the same conditions. Sounds like LGPL and MIT above, right? GPL has a bigger impact because it “infects” any other libraries it links to. So, in the example above if the image zoom script was released under GPL you would possibly have to open source your entire image gallery and not just the changes to the zoom library you made.

The reason I write “possibly” is is that there is a lot of debate as to what actually constitutes the linking of two libraries in the context of the GPL. It hasn’t been tested in court yet so no one really knows. While I like open source I really think GPL is an extremely poor choice for JavaScript (the GPL was written for traditional desktop software). I think developers think of GPL and think of open source and release their scripts under this without really knowing there are better options that still encourage free software.

I personally do not use GPL-licensed JavaScript. Full stop.

Bottom line: GPL is risky as it may infect your code. If you really must use it get an exception granted from the developer.

Tim Bennett is a Leeds-based web designer from Yorkshire. He has a First Class Honours degree in Computing from
Leeds Metropolitan University and currently runs his own one-man web design company, Texelate.